In the sandbox? more like in the kitty litter with all the other turds.
Naughty Flash Player BURIED ALIVE in OS X Mavericks Safari sandbox
The Adobe Flash Player plugin runs in a locked-down sandbox under Safari on OS X 10.9 "Mavericks," making Apple the latest major web browser vendor to provide additional security when viewing Flash content on the web. According to a memo posted by Adobe security strategist Peleus Uhley on Thursday, Flash Player in Mavericks is …
-
-
Thursday 24th October 2013 22:13 GMT Electric Panda
Re: golf clap
It was always earlier versions of Chrome that crashed painfully hard when Flash was running. So much for the "revolutionary" each-tab-as-a-separate-process approach when Flash would regularly crash ALL of them. One of the reasons why I stopped using Chrome because Flash back then worked fine in everything else.
-
-
-
-
Saturday 26th October 2013 23:41 GMT ThomH
@skelband
Contorting Jobs' statement through selectively strict interpretation is about as meaningful as if I insisted your statement, "User-land code should only affect applications", couldn't possibly mean the logically corrected version, "User-land code should affect only applications", because that's not what you wrote.
Jobs often used 'the Mac' to mean any combination of the hardware, the OS and the applications that run on it.
-
-
-
-
-
Friday 25th October 2013 19:51 GMT Anonymous Coward
Re: @Skelband
> There's a difference between 'cause' and 'allow'. Flash 'causes' the crash, the OS 'allows' it.
Neither of which was used in the original quote.
I'll say it again for those hard of thinking.....the machine should not crash because of a user program if the OS is properly constructed. Flash might be (and indeed is) a buggy pile of shite, but the OS is there to protect us from such obscenities ( or not in the case of Apple hardware apparently).
-
-
-
Thursday 24th October 2013 21:57 GMT cyke1
Re: Ummm, this isn't new...
reason is everyone thinks mac os x is perfect and has 0 flaws in it so its its easy to blame plugin like flash for what is clearly a problem in apple's OS. When talking about security record, funny how few people point to apple's pretty bad one as well, Flaw is found and they get fixed code within a day of flaw being known world wide and it took them 2 months before they release the patch.
-
Thursday 24th October 2013 22:06 GMT Dan 55
Re: Ummm, this isn't new...
The App Sandbox appeared with Lion, it was then made mandatory in early 2012 for programs sold in the Mac App Store, but now with Mavericks this is the first time it's been used by Safari to run plugins.
Flash got dropped from Lion at about the same time, and you had to go to Adobe to download it separately, but it wasn't sandboxed.
-
-
-
This post has been deleted by its author
-
Friday 25th October 2013 11:30 GMT Peter Gathercole
@Def
The difference in the sandbox approach is that it denies access to resources by checking what they are doing at the API boundary of the sandbox, rather than allowing the underlying OS to control access.
Any suitably designed OS should have controls to contain rogue actions (like the permissions system on the filesystem and IPC resources and Role Based Access Control) already, and many do. But things like Windows up to XP, whilst it had the underlying technology were so compromised by the way that the systems were implemented (users running as an Administrator by default, and too many critical directories having write access to non-administrator accounts) that it became necessary to add the extra 'sandbox' to protect the OS!
Unfortunately, the way that OSX deploys applications is fundamentally flawed (they've added an application deployment framwork into user-space so that you don't need to be root to install an application, or it was this way the last time I looked at OSX), and this unfortunately opens it up to applications being altered by other applications without requiring additional privilege. The OS remains protected, but the applications are vulnerable. This is the reason for implementing a sandbox.
Anyway, sandboxes are not new. On UNIX systems since seemingly forever (certainly since Version 7 in 1978), you've had chrooted environments that you can use to fence particular processes to controlled sub-sets of the system
-
-
-
Friday 25th October 2013 07:50 GMT Volker Hett
As a long time linux user I know that flash for non MS systems is a mixed bag at best. So I don't use it.
As far as I remember, Adobe claimed lacking support from the linux community for their fine software, looks like Apple, Google and Microsoft sent them real programmers to fix that mess and had to add additional security because it's still broken ...
-
Friday 25th October 2013 08:05 GMT Alperian
Flash locked up like the 'Princes in the tower'. I am looking forward to the total invulnerability of HTML5. Web developers are being played like marks in a big con while Adobe has got itself at least 10 more years of development cycles with its 'Edge' products.
Today I think I'll move an ellipse across the canvas. Yey!
Takes me back to Flash 4.
-
-
Friday 25th October 2013 10:10 GMT Anonymous Coward
Chrome/Flash is quite useful
whilst helping to beta test mavericks for the last while - Chrome was great as I prefer to not have Flash, nor indeed any other Adobe product on my Mac. When I really need Flash (some inane car manuf. website or kids game like star doll,) then I could run Chrome's inbuilt "Pepper-player". I did quite a bit of feedback with Cupertino as the Pepper player did like to use a CPU or two for itself in early maverick seeds!
-
Friday 25th October 2013 10:52 GMT Steve Graham
The "Thoughts on Flash" memo was just a smokescreen to cover up the real reason for banning Flash from iOS: with Flash, you can build an application with its own windows, menus, widgets and all that stuff, so it would be possible to violate the coherent look and feel of iOS. Heresy.
Although all that "power" in Flash is a weakness, not a strength, since it makes the product excessively large, complex and, hence, difficult to make stable and secure. And all people really wanted was a movie player.
-
Friday 25th October 2013 11:32 GMT itzman
and all people wanted was a movie player...
But that's adobe for you.
Don't just provide a minimal technical solution to the problem of - say - defining a portable document format.
Nah why NOT invent a whole new inefficient interpreter in a brand new language that turns a 3 page file of text in a single font into several megabytes of instructions on how to recreate it from scratch.
I think the scales fell from my eyes when I realised that a single page of postscript was actually larger than the full color bitmap at full print resolution of the corresponding A4 page would be.
Didn't Apples first laserwriter have more CPU and memory that the computers that sent it files?
In my IT life three products stand out - maybe four as being the solution not to the actual problem, people had, but solutions to problems people never ever would have had, or would likely to ever encounter.
PostScript/PDF
X-Windows
Flash
*nix lp and friends up to and including CUPS.
Two of them are adobe products...
By dint of massive amounts of effort building layers on top of them to conceal; their utter ghastliness, they have finally been persuaded to work, well enough, but oh, if we had gone the RFC route with them instead, and started off with - say - minimalist implementations that actually worked, and added features ONLY AS AND WHEN THE NEED BECAME BLINDINGLY OBVIOUS.
-
Friday 25th October 2013 14:33 GMT AJ MacLeod
Re: and all people wanted was a movie player...
If by "X-Windows" you mean the network-aware nature of X11 then you're completely wrong. It provides capabilities that have been relied upon by thousands of people every day for years and does so with little fuss - nobody claimed it was perfect, but it definitely fulfils a genuine need. For that matter I have no idea why you've put CUPS in there, never mind "lp"... do you think that people aren't likely to need to print? Print spoolers and print servers are solutions to a problem people don't have?
In any case your argument against PDF is fallacious; if all you need is basically unformatted plain text then use plain text - PDF exists because of the difficulties in maintaining formatting appearance across devices whilst retaining the ability to preserve the textual content as such.
-
-
-
Friday 25th October 2013 19:47 GMT Robert Carnegie
I'm an Opera user
Last!
(um... not the last Opera user... I hope)
Long, long time Opera user, since modem dial up on Windows 3.1 or something.
Writing this in Opera 17 point something. Yes, it's chromium-flavoured now. I've chosen not to install Flash in it.
Google web sties telling me to upgrade my work browser to Chrome instead of its own newer version was, in my opinion, rude.